Formal Testing with Input-Output Transition Systems

Formal Testing withInput-Output

Transition Systems

Ed BrinksmaCourse 2004

© Ed Brinksma/Jan Tretmans

Formal Testing

exec : TESTS IMPS (OBS)

der : SPECS (TESTS)

Ts TESTS

s SPECS

IUT IMPS

imp

iIUT MODS

obs : TESTS MODS (OBS)

t: (OBS) {fail,pas

s}

OBS

pass

fail

Proof soundness and exhaustivess:iMODS . ( tder(s) . t(obs(t,i)) = pass ) i imp s

Test hypothesis :IUTIMPS . iIUT MODS . tTESTS . exec(t,IUT) = obs(t,iIUT)


Input-Output Transition Systems

dub

coffee

kwart

tea

S1 S2

S3 S4

S0

LI = { ?dub, ?kwart }

LU = { !coffee, !tea }

dub, kwart coffee, tea

from user to machine from machine to userinitiative with user initiative with machinemachine cannot refuse user cannot refuse

input outputLI LU

LI LU = LI LU = L

!

??

!



LI = { ?dub, ?kwart }

LU = { !coffee, !tea }

Input-Output Transition Systems IOTS (LI ,,LU ) LTS (LI , LU )

IOTS is LTS with Input-Outputand always enabled inputs:

for all states s,for all inputs ?a LI :

?dub?kwart

?dub?kwart

?dub?kwart

?dub?kwart

?dub

!coffee

?kwart

!tea

S ?a


?kwart

?dub?kwart

?kwart

?dub?kwart

?dub?kwart

?kwart?dub

?dub?kwart

?kwart?dub

?kwart

?kwart?dub

?dub?kwart

?dub?kwart


!coffee

?dub

!tea !coffee

?dub

?dub

!coffee

?dub

!tea


Labelled Transition System Testing

SPECS LTS ( LI LU ) LTS MODS IOTS (LI , LU ) LTS TESTS TTS ( LU , LI ) LTS

OBS traces obs t || i der der : LTS ( LTS )

Which imp ? (strong, weak, branching, ... ) bisimulation trace-, testing-, refusal - preorder / equivalence conf, conf*, aconf, ioconf, ioco, miocoF

ioco


Formal Correctness

testing equivalences

refusal testing

canonical tester

Input Output Automataquiescence

ioco


Preorders on Transition Systems

implementationi

specifications

environmente

environmente

? ? ?

i s e E . obs ( e, i ) obs (e, s )

i LTS s LTS


Preorders onInput-Output Transition Systems

implementationi

specifications

environmente

environmente

imp

i IOTS(LI,LU) s LTS(LILU)

imp IOTS (LI,LU) x LTS (LILU)Observing IOTS where system inputsinteract with environment outputs, and v.v.


Preorders onInput-Output Transition System

implementationi

specifications

environmente

environmente

IOTS(LU,LI)

imp

i imp s e E . obs ( e, i ) obs (e, s )



Input-Output Testing Relation

implementationi

specifications

environmente

environmente

obs ( e, p ) = ( traces (e||i ), Ctraces (e||i ) )

iot

i iot s e IOTS(LU,LI) . obs ( e, i ) obs (e, s )



Input-Output Refusal Relation

implementationi

specifications

environmente

environmente

obs ( e, p ) = ( traces (e||i ), Ctraces (e||p) )

ior

i ior s e IOTS(LU,LI {} ) . obs ( e, i ) obs (e, s )




i,s LTS : i te s e LTS . obs ( e, i ) obs (e, s )

inputs can never be refused by ioutputs can never be refused by e :

FP ( i ) FP ( s )

FP ( p ) = { , A | A L, traces(p), p afer refuses A }

i IOTS(LI,LU) : i iot s e IOTS(LU,LI) . obs ( e, i ) obs (e, s )

i afer refuses A A = or A = LU



FP ( i ) FP ( s )

i IOTS(LI,LU) : i iot s e IOTS(LU,LI) . obs ( e, i ) obs (e, s )

{ | traces(i), i afer refuses } { | traces(s), s afer refuses } and { | traces(i), i afer refuses LU } { | traces(s), s afer refuses LU } traces(i) traces(s) and Qtraces(i) Qtraces(s)

Qtraces : Quiescent traces = traces ending in quiescence i i = i i = !x LU {} : i !x LU



Ftraces( i ) Ftraces ( s )

i IOTS(LI,LU) : i ior s e IOTS(LU,LI {}) . obs ( e, i ) obs (e, s )

( L ( L ) )* : i Failure trace :Failure traces of i : Ftraces ( i ) = { ( L ( L ) )* | i

}

Failure A : A { } : i Ai i where:

inputs can never be refused by ioutputs can never be refused by e :

i afer refuses A A = or A = LU



Ftraces( i ) Ftraces ( s )


Straces : Suspension traces

= Failure traces restricted to refusals quiescence LU =

Straces( i ) Straces ( s )

Straces ( i ) = Ftraces ( i ) ( L { LU } )*

= { ( L { } )* | i }




Straces( i ) Straces ( s )

( L { } )*: out ( i after ) out ( s after )

where:

out ( I ) = { !x LU | i !x , iI } { | i i, i S }

!xout ( i after ) = { !x LU { } | i }


Implementation Relation ioco

i IOTS(LI,LU) : i ior s ( L { } )*: out ( i after ) out ( s after )

To allow under-specification :

i ioco s Straces( s ) : out ( i after ) out ( s after )


i ioco s =def Straces (s) : out (i after ) out (s after )


Correctness expressed by implementation relation ioco:

Intuition:i ioco-conforms to s, iff• if i produces output x after trace , then s can produce x after • if i cannot produce any output after trace , then s cannot produce any output after ( quiescence )




p p = p p = !x LU {} : p

!x LU

Straces (s) = Ftraces (s) ( L { LU } )*

= { ( L { } )* | s }

p after = { p’ | p p’ }

out ( P ) = { !x LU | p , p P }

{ | p p, pP }

!x


Implementation Relation iocoout ( i after )

=out ( i after ?dub ) =out ( i after ?dub.?dub )

=out ( i after ?dub.!coffee) =out ( i after ?kwart ) =out ( i after !coffee ) =out ( i after ?dub.!tea )

=out ( i after ) =

!coffee

?dub

?dub?kwart

?dub?kwart

i ?kwart

{ }{ !coffee }{ !coffee }{ }

{ }

{ }



!coffee

?dub

?dub

?dub

i

!coffee

?dubs

out (i after ) = { }out (i after ?dub) = { !coffee }out (i after ?dub.!coffee) = { }

out (s after ) = { }out (s after ?dub) = { !coffee }out (s after ?dub.!coffee) = { }

ioco




!coffee

?dub

?dub

?dub

i

!coffee

?dubs

!tea

out (i after ?dub) = { !coffee } out (s after ?dub) = { !coffee, !tea }

ioco




!coffee

?dubs

?dub

?dub

!coffee

?dubi

!tea

?dub

out (i after ?dub) = { !coffee, !tea } out (s after ?dub) = { !coffee}

ioco




out (i after ?dub) = { !coffee, !tea } out (s after ?dub) = { !coffee, !tea}

ioco?dub

?dub

?dub

!coffee

?dubi

!tea

?dub

?dub



!coffee

?dubs

!tea


ioco

?dub

?dub?kwart

!coffee

?kwarti

!tea !coffee

?dubs

out (i after ?dub) = { !coffee }out (i after ?kwart) = { !tea }

out (s after ?dub) = { !coffee }out (s after ?kwart) =

But ?kwart Straces ( s )






?dub

?dub?kwart

!coffee

?kwarti

!tea

ioco

s?dub

!coffee

?kwart

!tea

out (i after ?dub) = { !coffee }out (i after ?kwart) = { !tea }

out (s after ?dub) = { !coffee }out (s after ?kwart) = { !tea }


!coffee

?dub

i ?kwart

?dub?kwart

?dub?kwart

out (s after ?kwart) = { !tea }out (i after ?kwart) = { }

ioco



s?dub

!coffee

?kwart

!tea


out (s after ?dub) = { !coffee }out (i after ?dub) = { , !coffee }

ioco

?dub

?dub

?dub

!coffee

?dubi

?dub

!coffee

?dubs




out (s after ?dub) = { , !coffee }out (i after ?dub) = { , !coffee }

ioco

!coffee

?dub

s



?dub

?dub

?dub

!coffee

?dubi

?dub


out (i after ?dub.?dub) = out (s after ?dub.?dub) = { !tea, !coffee }

i ioco s


i ioco s =def Straces (s) : out (i after ) out (s after ) i

?dub

?dub

?dub ?dub

!tea

?dub

?dub

!coffee

?dub

s

!coffee

?dub

?dub

?dub ?dub

!tea

?dub

?dub

?dub

?dub

!tea

s ioco i

out (i after ?dub.?dub) = { !coffee } out (s after ?dub..?dub) = { !tea, !coffee }


?kwart

!coffee

?dub

!tea

!coffee

?dub?kwart

?dub?kwart

?dub?kwart !coffee

?dub

!tea

ioco

ioco

ioco


ioco

ioco

ioco



? x (x >= 0)! x

? x (x < 0)

? y

implementation i

! -x? x (x >= 0)! x

? x (x < 0)

? y

specification s

i ioco ss ioco i


equation solver for y2 =x :


Genealogy of ioco Labelled Transition Systems

IOTS (IOA, IOSM, IOLTS)

Testing Equivalences(Preorders)

Refusal Equivalence(Preorder)

Canonical Testerconf

Quiescent Trace Preorder

Repetitive QuiescentTrace Preorder

(Suspension Preorder)

ioco

ioconf


Formal Testing with Transition Systems

t: (traces){fail,pass}

exec : TESTS IMPS (OBS)

traces

der : LTS (TTS)

Ts TTS

s LTS

IUT IMPS

ioco

iIUT IOTS pass

fail

obs : TTS IOTS (traces)

Soundness and exhaustivess proved:iIOTS . ( tder(s) . t(obs(t,i)) = pass ) i ioco s

Test hypothesis :IUTIMPS . iIUT IOTS . tTTS . exec(t,IUT) = obs(t,iIUT)

Date post:	25-Feb-2016
Category:	Documents
Upload:	inez
View:	45 times
Download:	0 times

Formal Testing with Input-Output Transition Systems

Documents